NULL pointer dereference in Linux kernel - CVE-2026-45965
Published: May 28, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in rawdata_get_link_base in apparmorfs when resolving symbolic links to rawdata for a replaced profile after the export_binary parameter has been disabled at runtime. A local user can read a crafted rawdata symbolic link to cause a denial of service.
The issue occurs for profiles loaded before export_binary was disabled and then replaced, leaving the rawdata pointer NULL while the symbolic link remains accessible.
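Added example (not part of the original advisory or of the kernel sources): a Python script that scans kernel log text for NULL pointer dereference reports whose faulting function is rawdata_get_link_base, to help confirm whether a crash on a host matches this issue. The log lines in SAMPLE are constructed, some_other_driver_fn is a placeholder name, and the patterns assume the usual x86 and arm64 oops layouts.

```python
import re

# Function named in the advisory; patterns assume the usual x86/arm64 oops layout.
SYMBOL = "rawdata_get_link_base"
OOPS_START = re.compile(r"(?:BUG: kernel|Unable to handle kernel) NULL pointer dereference")
FAULT_PC = re.compile(r"(?:RIP: [0-9a-f]{4}:|pc : )(\w+)\+0x")  # faulting function
COMM = re.compile(r"\bComm: (\S+)")                            # task that faulted
OOPS_END = re.compile(r"---\[ end trace")

# Constructed sample (not from a real host): one oops in SYMBOL, one unrelated.
SAMPLE = """\
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.000002] CPU: 1 PID: 4242 Comm: cat Not tainted 0.0.0-example #1
[  101.000003] RIP: 0010:rawdata_get_link_base+0x4a/0xb0
[  101.000004] ---[ end trace 0000000000000000 ]---
[  202.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  202.000002] CPU: 0 PID: 77 Comm: kworker/0:1 Not tainted 0.0.0-example #1
[  202.000003] RIP: 0010:some_other_driver_fn+0x12/0x40
[  202.000004] ---[ end trace 0000000000000000 ]---
""".splitlines()


def find_oopses(lines, symbol=SYMBOL):
    """Return one record per NULL-dereference oops whose faulting function is symbol."""
    hits, cur = [], None

    def close():
        if cur and cur["func"] == symbol:
            hits.append(cur)

    for lineno, line in enumerate(lines, 1):
        if OOPS_START.search(line):
            close()  # a new header also ends a truncated previous report
            cur = {"line": lineno, "func": None, "comm": None}
            continue
        if cur is None:
            continue
        if cur["func"] is None and (m := FAULT_PC.search(line)):
            cur["func"] = m.group(1)
        if cur["comm"] is None and (m := COMM.search(line)):
            cur["comm"] = m.group(1)
        if OOPS_END.search(line):
            close()
            cur = None
    close()  # report cut off before its end-of-trace marker
    return hits


if __name__ == "__main__":
    print(find_oopses(SAMPLE))
```

Feed it the lines of a saved kernel log in place of SAMPLE; each record gives the line where the report starts and the task name from the Comm field.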
How to mitigate CVE-2026-45965
Sources
- https://git.kernel.org/stable/c/1432ab0774cba43e8111be39989ff226531a9bac
- https://git.kernel.org/stable/c/19f2e4055626a58842ddec3282ad4465a80c6625
- https://git.kernel.org/stable/c/1d2b2b58fde9059a488bc25399e6c3d74e9b5548
- https://git.kernel.org/stable/c/3c36b87fc2a4cf88eadea8cf13923bd2b4f9a3fa
- https://git.kernel.org/stable/c/6d8c180c825cbc73eeffaa79591f8e142dacae70
- https://git.kernel.org/stable/c/b25298e89a297c42eb4c4d6f081d60375b820abb
- https://git.kernel.org/stable/c/df9ac55abd18628bd8cff687ea043660532a3654
- https://git.kernel.org/stable/c/e6b2fc7e34d4e7ca6b8598c33a3d45d59e455d8d